
NWX.com stolen

Labeled as alert in Warnings and Alerts started by equity78, Dec 17, 2018.


  1. maxtra

    maxtra Upgraded Member Gold Account VIP

    Posts:
    2,939
    Likes Received:
    1,666
    The offer to me was priced high enough that I thought it was a legitimate reseller offer

    The account had 10+ positive feedback on their NP account which I used as a benchmark

    Everything about the transaction seemed legitimate

    Thanks
     
  2. BestDomains2828

    BestDomains2828 Account Auto-Closed

    Posts:
    131
    Likes Received:
    59
    How can he have stolen all these names? Maybe this guy got a virus that is working for him.
     
  3. Silentptnr

    Silentptnr Hey From L.A. VIP

    Posts:
    11,643
    Likes Received:
    28,812
    I put the person's name (from PayPal) in Google and it might be coincidence, but the person's name is the same as a person that was just convicted of drug trafficking in Texas.
     
  4. Grilled

    Grilled GGG VIP

    Posts:
    4,195
    Likes Received:
    5,555
    Hi Ron -- Welcome to NamePros! (and +1 for having the coolest last name I've seen all year!)

    Not sure how much detail you have behind the alleged theft, but as the process goes on, the more you can uncover, the better your chances of recovering the domain. A good place to start, as indicated in a previous post above, is to review your email...

    When did you lose access to the domain? Keeping in mind, the date the domain was transferred out might not be the date you lost access to the domain. e.g. The alleged thief most likely had entry to your email and/or registrar prior to the transfer out date.

    DomainIQ WHOIS records show the domain at Domain.com on a December 7th entry, but a December 10th DomainIQ WHOIS shows the domain under privacy at Namesilo with a December 7th update date.

    **Note the Updated Dates for possible specific time stamps**

    The December 7th entry:

    upload_2018-12-17_10-45-30.png

    VS

    December 10th entry:

    upload_2018-12-17_10-46-13.png

    The December 10th WHOIS Updated Date [2018-12-07T21:34:20Z] is a likely indication of when it may have been transferred out.


    Also note the expiration difference between WHOIS entries, the December 10th entry shows a new 2020 expiration -- which combined with a registrar change indicates a transfer occurred.

    Why did the alleged thief use Namesilo? One has to wonder if the transfer was paid for in Bitcoin.

    Another thing to note, the nameserver changes:

    From:
    NS1.MYDOMAINWEBHOST.COM

    To:
    NS-1476.AWSDNS-56.ORG
    NS-2037.AWSDNS-62.CO.UK
    NS-546.AWSDNS-04.NET
    NS-60.AWSDNS-07.COM


    Before (August 5th, 2018)

    upload_2018-12-17_10-54-31.png

    Current:

    upload_2018-12-17_10-55-9.png
     
    Last edited: Dec 17, 2018
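
The WHOIS comparison described in the post above, as an added example that is not part of the original thread: it diffs two snapshots and treats a registrar change combined with a one-year expiration bump as a likely transfer, reporting the Updated Date as the probable time. The snapshot fields, the function name and all sample values except the quoted timestamp are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed snapshots for a placeholder domain. Only the "updated" value in
# AFTER is the timestamp quoted in the post; everything else is made up.
BEFORE = {
    "registrar": "Old Registrar, LLC",
    "updated": "2018-08-05T10:00:00Z",
    "expires": "2019-03-01T00:00:00Z",
    "registrant": "Example Owner, Inc.",
    "nameservers": ["NS1.OLDHOST.EXAMPLE"],
}
AFTER = {
    "registrar": "New Registrar, LLC",
    "updated": "2018-12-07T21:34:20Z",
    "expires": "2020-03-01T00:00:00Z",
    "registrant": "REDACTED FOR PRIVACY",
    "nameservers": ["ns-1.dnshost.example", "ns-2.dnshost.example"],
}

def _ts(value):
    """Parse the ISO-8601 UTC timestamps used in WHOIS output."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def compare_whois(before, after):
    """Return the changes between two WHOIS snapshots of one domain."""
    indicators = []
    if before["registrar"].casefold() != after["registrar"].casefold():
        indicators.append("registrar_changed")
    # A gTLD registrar transfer adds one year to the registration term.
    added_days = (_ts(after["expires"]) - _ts(before["expires"])).days
    if added_days in (365, 366):
        indicators.append("expiry_plus_one_year")
    # Nameserver names are case-insensitive, so compare normalized sets.
    if {n.lower() for n in before["nameservers"]} != {n.lower() for n in after["nameservers"]}:
        indicators.append("nameservers_changed")
    if before["registrant"] != after["registrant"]:
        indicators.append("registrant_changed")
    # A renewal alone also adds a year; only the combination suggests a transfer.
    likely = {"registrar_changed", "expiry_plus_one_year"} <= set(indicators)
    return {
        "indicators": indicators,
        "likely_transfer": likely,
        "transfer_time": after["updated"] if likely else None,
    }

if __name__ == "__main__":
    print(compare_whois(BEFORE, AFTER))
```

A domain owner can run the same comparison on a schedule against saved snapshots and alert on any non-empty `indicators` list.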
  5. bsdomains

    bsdomains bsd.io

    Posts:
    1,704
    Likes Received:
    110
    Thanks @equity78

    There was an NS update between 06-12-2018 and 08-12-2018

    NWX._COM.png
     
  6. Silentptnr

    Silentptnr Hey From L.A. VIP

    Posts:
    11,643
    Likes Received:
    28,812
    The stolen domain I purchased was "The Endurance International Group, Inc." also.
     
  7. Grilled

    Grilled GGG VIP

    Posts:
    4,195
    Likes Received:
    5,555
    The first, last, and only (until now) time I heard of Endurance Group was during the CQD fiasco.
     
  8. namesilo

    namesilo Active Member NameSilo Staff

    Posts:
    720
    Likes Received:
    2,072
    Thanks for tagging us. We have locked down this domain while we investigate. The rightful domain owner needs to contact us at [email protected] so we can validate that it was stolen.
     
    Last edited: Dec 17, 2018
  9. Acroplex

    Acroplex Top Member DomainGang.com PRO VIP ★★★★★★★★★★

    Posts:
    3,977
    Likes Received:
    1,729
  10. sharfab

    sharfab Established Member

    Posts:
    197
    Likes Received:
    328
    They are being stolen through some form of hacking. A person doing the hack can be in any country in the world. As we can see here they posed as a member to gain our confidence, support and comfort and to also use us as a customer base. Most of our members here always do their due diligence when transacting a sale, however we see in this incident that hackers do find ways to slip through the cracks.
     
  11. Lord Antares

    Lord Antares Established Member

    Posts:
    378
    Likes Received:
    218
    Hacking can be impeccably easy, at least some forms of it. Always have long and mixed passwords, always.
     
  12. Acroplex

    Acroplex Top Member DomainGang.com PRO VIP ★★★★★★★★★★

    Posts:
    3,977
    Likes Received:
    1,729
    It looks like VAP.com was stolen in 2013 by the same person; the legit owner - Venture Asset Partners, LLC - used a Yahoo email address. The domain has been resold several times since.
     
  13. Acroplex

    Acroplex Top Member DomainGang.com PRO VIP ★★★★★★★★★★

    Posts:
    3,977
    Likes Received:
    1,729
    Add the following to the list:

    BCI.ORG
    LGM.ORG
    PVN.ORG
     
  14. sharfab

    sharfab Established Member

    Posts:
    197
    Likes Received:
    328
    WOW!! That hacker has been a very busy Domain Name Thief....
     
  15. Acroplex

    Acroplex Top Member DomainGang.com PRO VIP ★★★★★★★★★★

    Posts:
    3,977
    Likes Received:
    1,729
    There's about 125 more linked to that account; I only shared the LLL kind after verifying odd changes in ownership. They all have in common previous Yahoo/AOL/Comcast etc. accounts. Others are linked to domains that dropped, and re-registered - a common domain hijacking technique.
     
  16. sharfab

    sharfab Established Member

    Posts:
    197
    Likes Received:
    328
    That amount of domain names being linked to a hacked account should warrant all the registries attached to these domain names to work together with the possibility of a law enforcement investigation....
     
  17. maksimfa

    maksimfa Active Member VIP Trusted Contest Holder

    Posts:
    1,024
    Likes Received:
    940
    Moral of the story...

    1. Don't use weak passwords.
    2. REQUIRE 2 Factor Authentication for any account changes.
     
  18. Grilled

    Grilled GGG VIP

    Posts:
    4,195
    Likes Received:
    5,555
    Which account?
    Was it a broker, or the alleged thief?

    If alleged thief, care to post the email address and/or header?

    Or if the so called broker is different than the alleged thief, maybe you can tag / reach out to them for more information?
    Did the seller use patygmar @ gmail.com as their PayPal address?

    You should probably update the trade review you left, to reflect the negative experience.
    Were you refunded / was the domain returned to the rightful owner?

    You also might want to update the trade review you left, to reflect the negative experience.
     
    Last edited: Dec 18, 2018
  19. Ritesh Chauhan

    Ritesh Chauhan Upgraded Member Gold Account VIP

    Posts:
    2,659
    Likes Received:
    472
    I removed my trade reviews...
    (will put -ve review once case comes to conclusion)
     
  20. Grilled

    Grilled GGG VIP

    Posts:
    4,195
    Likes Received:
    5,555
    Something I'm wondering...

    ... Could the domain have been pushed to another domain.com affiliated registrar prior to being transferred to Namesilo?

    According to SecurityTrails.com, the NameServers were changed to ns1.domain.com on or around December 6th. There is no record on SecurityTrails of the nameservers being changed to ns1.domain.com within the last 10 years; it appears to be a first.

    I believe the default nameservers for MyDomain.com are ns1.mydomain.com. Whereas the default nameservers for Domain.com are NS1.domain.com.

    ... hence my thinking, that the domain may have been pushed from mydomain.com to another domain.com affiliated registrar prior to being transferred out.
    Not sure if that would be reflected in WHOIS updates to confirm or deny.

    Just a thought.
     
    Last edited: Dec 18, 2018
  21. maxtra

    maxtra Upgraded Member Gold Account VIP

    Posts:
    2,939
    Likes Received:
    1,666
    I filed a claim with PayPal and the name is still under GoDaddy dispute

    Trade reviews won't matter as the account is banned, but updated nonetheless

    Thanks
     
  22. alcy

    alcy Active Member VIP

    Posts:
    15,194
    Likes Received:
    22,419
    afaik u can't push between mydomain, dotster, netfirms etc
     
  23. Grilled

    Grilled GGG VIP

    Posts:
    4,195
    Likes Received:
    5,555
    I just asked MyDomain.com chat support if a free push to Domain.com is possible, or if it'd require a paid transfer.

    Their response:

    "If you buy a domain name with MyDomain, we can move the domain name to Domain.com for free as it our sister concern company."
     
  24. alcy

    alcy Active Member VIP

    Posts:
    15,194
    Likes Received:
    22,419
    not all reps are created equal. proof is in the fact that I was told exact opposite by another rep a while back when I wanted to do that.

    pushes are hard even mydomain to mydomain. cause you always have to call them or chat. u cannot do it yourself. then even when u call them, there are 2 ways to do it. and one of them involves knowing the secret accnt question of new owner.
     
  25. Grilled

    Grilled GGG VIP

    Posts:
    4,195
    Likes Received:
    5,555
    Sounds like you had a bad rep. Ha. I think I remember pushing a domain from a domain.com affiliate to another domain.com affiliate in the past. But couldn't remember for sure. The chat with the rep confirmed it.

    I wonder if this 'secret accnt question' method works with MyDomain.com to Domain.com pushes. Or if it would have required assistance from support.

    But back to the topic... I'm wondering if:

    The alleged thief pushed the domain to their (or somebody else's) Domain.com (or affiliate site) account prior to transferring to Namesilo.

    Not sure how (if) transfer locks (from MyDomain.com to Domain.com) would affect this.
     
